Legal Library

Legal Alerts/Articles

In Data Privacy and Security...We Trust?

March 12, 2014 | Author: Christen C. Church

Law Firm: Gentry Locke Rakes & Moore, LLP - Roanoke Office

The digital revolution has ushered us into the information age. On a daily basis, we entrust our personal information, from the mundane to the highly sensitive, to a variety of recipients. For the most part, this free flow of information adds to our quality of life. Check-out lines are effortless; rarely do we even have to sign. We can enroll in a yoga class, deposit a check, and pay our utility bill, all from our smart phone. Want to simultaneously track your spending, the current balance of your checking account, mortgage, credit cards, as well as your 401k, all while lounging by the pool? There's an app for that.

This free flow of information comes with an expectation that those who receive our information will safeguard the privacy and security of the information.

But what if "we" are one of those who are entrusted with information? I am. Attorneys, accountants, physicians, banks, retailers, credit card companies, data storage companies, service providers, the list goes on and on of those who receive sensitive information every day. We all recognize the expectation and value of protecting the privacy and security of the information we are entrusted with. And if anyone doesn't, they should!

We care because we value our clients and our reputation. Laws and regulations may mandate special treatment of certain financial and health information. And frankly, it matters to our bottom line. A large retailer saw net earnings fall following the December 19, 2013 announcement of a wide spread data breach. You may have seen something about this mentioned in the paper....and on the evening news....and in stories of affected individuals flooding your social media feeds. Not only will sales likely continue to be impacted for a time, but this retailer will also have ongoing costs associated with credit monitoring, investigation, and litigation.

But you don't have to be a Fortune 500 company to experience a data breach. Very few businesses have large IT departments that can provide 24-hour service with a matching data security budget to secure every server, laptop, smart phone and mobile device. This makes smaller businesses very attractive to outside attackers.

We need to recognize expectations and also our limitations. We are human, technology will fail, criminals will develop new and more innovative ways to attack and infiltrate our systems. What can we do? A lot, actually.

PlanDon't wait for an attack or a government audit to develop a data privacy and security plan. Review your current technology and how you handle and store information to identify weaknesses. Make sure your software is up to date and continues to receive ongoing support, including updated security patches. Update company policies to mitigate the risk that a data breach could result from relaxed handling and storage of sensitive information. Identify key individuals within the company who should be alerted if a breach is known or suspected, and develop an investigation and response plan if and when such an event occurs.

EducateEducate yourselves and employees. A company policy is only as good as its implementation. Reinforce expectations on an ongoing basis, whether through day-to-day interactions, regularly scheduled meetings, company bulletins, or lunch and learn programs.

MonitorPerform ongoing internal audits on your system, including your technological capabilities, existing policies, and your data breach response plan. Encourage employees who believe they may have recognized a weakness in security or discovered a data breach to report their concerns to the company.

CommunicateCommunicate within the company to raise awareness of the importance of data privacy and security. If you do experience a data breach, work with your trusted advisors to communicate, as appropriate, the nature of the breach and your response. Do not assume that stopping an ongoing breach and uncovering no evidence of harm is as far as you have to go.

LearnStay updated on significant changes in technology. Recognize that laws and regulations will continue to catch up with the reality of today's technology, and this will in all likelihood result in increased duties and reporting requirements for those who have access to sensitive information. Importantly, learn from your experiences and learn from the experiences of others.

This is by no means a step-by-step formula. A successful data privacy and security plan and data breach response plan will involve many of these concepts happening simultaneously.

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.

Contact Gentry Locke Rakes & Moore, LLP - Roanoke Office

Choose Area of Practice Invalid Area of Practice is requiredFirst Name Invalid First Name is requiredLast Name Invalid Last Name is requiredE-mail Address Invalid E-mail Address is required

Describe Your Legal Matter

{{ (description ? description.length : 0) + '/1000 characters' }}

Invalid Legal Matter is required

Country Invalid Country is requiredZipInvalidZipis requiredCity/Town/LocalityInvalid City/Town/Locality is requiredState/Province/DistrictInvalid State/Province/District is requiredPhone Number Invalid Phone Number is required Preferred Contact Method

By clicking on the "Submit" button, you agree to the Terms of Use, Supplemental Terms and Privacy Policy. You also consent to be contacted at the phone number you provided, including by autodials, text messages and/or pre-recorded calls, from Martindale and its affiliates and from or on behalf of attorneys you request or contact through this site. Consent is not a condition of purchase.

You should not send any sensitive or confidential information through this site. Emails sent through this site do not create an attorney-client relationship and may not be treated as privileged or confidential. The lawyer or law firm you are contacting is not required to, and may choose not to, accept you as a client. The Internet is not necessarily secure and emails sent though this site could be intercepted or read by third parties.

CONSUMER WEBSITES

The information provided on this site is not legal advice, does not constitute a lawyer referral service, and no attorney-client or confidential relationship is or should be formed by the use of this site. The attorney listings on the site are paid attorney advertisements. Your access of/to and use of this site is subject to additional Supplemental Terms.